package com.alpha.eceasy.auth;

import jakarta.annotation.Resource;
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Slf4j
@Configuration
//@EnableWebSecurity
public class SpringSecurityConfigurer {
    @Resource
    private MyAuthorizationManager authorizationManager;
    @Resource
    private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;

    /**
     * 配置 Spring Security 的拦截规则
     */
    @Bean
    SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        return httpSecurity
                //SpringSecurityConfigurer#configure 允许跨域
                .cors(Customizer.withDefaults())
                // 关闭csrf
                .csrf(AbstractHttpConfigurer::disable)
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers(HttpMethod.GET, // Swagger的资源路径需要允许访问
                                "/v3/api-docs/**",
                                "/swagger-ui.html",
                                "/swagger-ui/**",
                                "/favicon.ico",
                                "/doc.html",
                                "/webjars/**"
                        ).permitAll()
                        .requestMatchers("/upload/avatar/img/**").permitAll()
                        .requestMatchers("/inner/**").permitAll()
                        .requestMatchers("/open/**").permitAll()
                        .requestMatchers("/common/**").permitAll()
                        .requestMatchers("/customer/login").permitAll()
                        .requestMatchers("/customer/register").permitAll()
                        .requestMatchers("/customer/info").permitAll()
                        .requestMatchers("/commodity-specification/async-commodity").permitAll()
                        .anyRequest().access(authorizationManager))
//                // 指定session的创建策略，不使用session
//                .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
//                .httpBasic(Customizer.withDefaults())
//                // 重写authenticationManagerBean方法：
//                .authenticationManager(authenticationManager)
                // 在登录之前获取token并校验
                .addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class)
//                .exceptionHandling(e -> e.accessDeniedHandler(new AccessDeniedHandler() {
//                    @Override
//                    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
//                        response.setContentType("text/html;charset=UTF-8");
//                        response.getWriter().write("异常:" + accessDeniedException.getMessage());
//                    }
//                }))
                .build();
    }
}